Don't use Marriot hotels' sleazy Wi-Fi

Brian X. Chen for the New York Times: "The hotel’s Internet service was secretly injecting lines of code into every page he visited, code that could allow it to insert ads into any Web page without the knowledge of the site visitor or the page’s creator. (He did not actually see any such ads.)"
Guest Justin Watt's full report has that air of mounting frustration so many of us now associate with hotel travel. The best parts of Chen's story are where Courtyard Marriot is such an organizational disaster that it can't even figure out what spokesperson is responsible for replying to the Times' inquiries; and where the WiFi provider, RG Nets, "quickly hung up on calls."

Update: Watt has added a statement received from Courtyard Marriot, in which it blames RG Nets and says the script insertion occurred "unbeknownst" to it. However, the hotel chain also claims it is "a common marketing practice with many Internet service providers".

Once upon a time, Belkin released a router that did the same thing, though less frequently. I haven’t bought so much as a USB cable from them since. Any company that thinks it’s OK to mess with my data stream doesn’t get my business. Not ever. IMO if they thought it was in any way acceptable even once, they are not people that I want to do business with even if they say they’ve changed.

Target does something like this too. If you do a google search while on Target’s in-store WiFi, search results will have a green check mark next to them. Apparently they have some kind of proxy that only allows “approved” search results.

I’ve tried ricockulously NSFW material and they don’t seem to care, and they don’t seem to be doing anything obvious like tampering with comparison shopping and competitors like walmart.com…

They did mange to break Apple’s iTunes and the App Store (you can browse, but you get an error if you try to download anything, which is really odd because Apple uses SSL)

Just walk in with your phone set to Wi-Fi tether or carry a Mi-Fi. Visit whatever site you want then. If I want a good deal in a PC shop I always do this, and Google the cheapest prices. When the staff see this they usually panic, and bow down to reasonable price matching. If one shop is able to sell something for a certain price then it’s a fair assumption that they buy them in for the same price so therefore able to sell at the same price.

Yep, this was my thought too. I saw this myself recently on an airport’s wifi. I was visiting a page that I own and that has no ads at all on it, and sure enough, there was my content with a big banner ad across the top. I took screen caps and saved copies of the vandalized code, but I didn’t do anything about it. It didn’t seem worth hunting down a lawyer or even posting an angry blog post somewhere.

The thing that pissed me off the most was that my site’s visitors would have no way of knowing that I hadn’t put the ads up myself. It seemed a real breach of trust.

Maybe I missed your point, but this sounds like arguing Regal Cinemas is violating the copyright on a studio’s movie by running a trailer before it for a different movie. Not saying the ad bannering isn’t icky, but this would be quite a novel interpretation of copyright law.

One more reason why HTTPS will eventually become the protocol of choice and all communications will be encrypted. On-the-fly page-modification is simply another man-in-the-middle attack; encryption will take care of it.

This is nothing, when I stayed at the Fairmont Tremblant in March 2010 every SSL protected website that I use on a normal basis produced a self signed SSL cert verification error (I’m an internet engineer and know what the “scary warning bubble” means). At first I thought it might be some great firewall of Canada trying to MITM me – so I rejected all the certs and just didn’t visit my bank account, credit card, or gmail that week. To my surprise though I brought my laptop to the Internet cafe across the street from the hotel and low and behold – no warnings. The f*cking Fairmont was the MITM culprit!!!!

Whenever I’m using town bicycle Wifi I always ssh connect to my server and send all web traffic through that as a socks proxy. So even if the hotel is doing middleman SSL (surprisingly often) they don’t get a chance. I use putty + foxyproxy, but there are a lot of options. Of course it requires that you have an ssh account somewhere.

Finally, do a TINY bit of research when choosing a hotel and you’ll find, miraculously!, that only FULL-SERVICE hotels charge for internet, which is typically bundled with long distance service and/or premium cable access. This trend is the result of high end hotels catering to those who are seeking luxury as opposed to value. If you want free wi-fi, choose Courtyard, Residence Inn, Townplace Suites, SpringHill Suites…all complimentary.